OpenBSD Semget() Integer Overflow Vulnerability

This issue can be exploited by invoking the semget() system call with an excessively large 'nsems' argument. The following proof of concept has been supplied:


 

Copyright 2010, SecurityFocus